[RESOLVED] Im seriously confused....

zcollvee

Ok this worked perfect until a few hours ago.
I seriously don't know whats going on...
Ok so this is my HTML code where the user enters his/her information

<form method="post" action="/generalsettingsupdate.php?details=general">
<table>
<tr><td>First Name:</td><td>
<input type="text" name="name" value="<? $pic = fname($id); echo $pic;?>" ></td></tr>
<tr><td>Surname Name:</td><td><input type="text" name="sname" value="<? $pic = sname($id); echo $pic;?>" ></td></tr>
<tr><td>Your picture URL</td><td><input type="text" value="<? $pic = pic($id); echo $pic;?>" name="pic"></td></tr>
<tr><td>Your Profile Background</td><td><input type="text" value="<? $pic = bgimg($id); echo $pic;?>" name="bgimg"></td></tr>
<tr><td>Where do you live?</td><td><input type="text" name="live" value="<? $pic = live($id); echo $pic;?>" ><br /><div class="sep"></div><br />
</td></tr>
<tr><td>About You:</td><td><textarea name="aboutme"><? $abtme = abtme($id); echo $abtme;?></textarea> ></td></tr>
<tr><td>Blog Header</td><td><input type="text" name="bloghead" value="<? $pic = bi($id); echo $pic;?>" ></td></tr>
<tr><td></td><td><input style="float:right;"type="submit" value="&nbsp;&nbsp;Save&nbsp;&nbsp;"></td></tr>

</table></form>

Then it sends to generalsettingsupdate.php where it is processed

<?php
include("head.php");
//$id is gotten from the server through the head.
$live = $_POST['live'];
$firstname = $_POST['name'];

$surname = $_POST['sname'];

$pic = $_POST['pic'];

$bloghead = $_POST['bloghead'];

$aboutme = $_POST['aboutme'];

$bgimg = $_POST['bgimg'];

$query = "UPDATE users SET live='".$live."', name='".$firstname."', sname='".$surname."', about='".$aboutme."', picture='".$picture."', blogimage='".$bloghead."', bgimg='".$bgimg."' WHERE username='".$id."'";
mysql_query($query) or die(mysql_error());
$name = fname($id);//fname() fetches the name of the  user from the database
$txt = "<a href=\"profile.php?username=".$id."\">".$name."</a> changed his profile details.";
$type = 7;
feedin($id, $txt, $type);//inserts $txt into the users feed...
$return = "Thanks for updating your profile ";
echo $return.$name;
?>

Everything works fine. It even returns
Thanks for updating your profile "NAME"
but when i go to another page where my "NAME" has to be shown it doesn't show and none of the information in the query has been saved into the database... whats wrong???
Please help the site can be found here http://tinybud.latestdot.net/

zcollvee

bump....
i need help big time

coldwerturkey

~~..it may be because $id isn't defined in generalsettingsupdate.php~~ -nevermind

you really should use mysql_real_escape_string() to escape your users post data

DaemonProjects

zcollvee;10897481 wrote:
bump....
i need help big time

looking at the process php file you have

echo $return.$name;

shouldnt it be

echo $return; ?

next the form should be more like

<form method="post" action="/generalsettingsupdate.php?details=general">
<table>
<tr><td>First Name:</td><td>
<input type="text" name="name" value="<?php echo fname($id); ?>" ></td></tr>
<tr><td>Surname Name:</td><td><input type="text" name="sname" value="<?php echo sname($id); ?>" ></td></tr>
<tr><td>Your picture URL</td><td><input type="text" value="<?php echo pic($id); ?>" name="pic"></td></tr>
<tr><td>Your Profile Background</td><td><input type="text" value="<?php echo bgimg($id); ?>" name="bgimg"></td></tr>
<tr><td>Where do you live?</td><td><input type="text" name="live" value="<?php echo live($id); ?>" ><br /><div class="sep"></div><br />
</td></tr>
<tr><td>About You:</td><td><textarea name="aboutme"><?php echo abtme($id); ?></textarea> ></td></tr>
<tr><td>Blog Header</td><td><input type="text" name="bloghead" value="<?php echo bi($id); ?>" ></td></tr>
<tr><td></td><td><input style="float:right;"type="submit" value="&nbsp;&nbsp;Save&nbsp;&nbsp;"></td></tr>

</table></form>

zcollvee

Ok will check it out. $id is defined in the head

$id = $_SESSION['id'];

zcollvee

it still doesn't work guys...
I echoed the $query but it still doesn't work

djjjozsi

in your query:

WHERE username='".$id."'";

are you sure this is the primary ID field of your table ?

And why do you use several functions to get the user's data? Lets pull with one line:
Make sure you start the session, and has $_SESSION["id"] a value, the user's id:

<?php
session_start();

if(empty($_SESSION["id"]))
die("You must logged in! link here...");

$id = (int)$_SESSION["id"];

$qProfile = "SELECT * FROM users WHERE id=$id ";
$rsProfile = mysql_query($qProfile);
$row = mysql_fetch_array($rsProfile);
extract($row);
?>

And these variables now available, and could print into the form:

$blogimage ,
$picture ,
$bgimg ,
$about ,
$sname ,
$name,
$live ,

Before you post the form, lets see the source code, and if its needed, use convert functions ( htmlspecialchars ) to safe the html source code (textfields really don'T like " , and html codes to visible).

zcollvee

Im ready to try out anything.

And why do you use several functions to get the user's data? Lets pull with one line:

So that I can show it around the site without needing to re-write the same code again and again.

zcollvee

djjjozsi;10897490 wrote:
in your query:
WHERE username='".$id."'";
are you sure this is the primary ID field of your table ?

And why do you use several functions to get the user's data? Lets pull with one line:
Make sure you start the session, and has $_SESSION["id"] a value, the user's id:
<?php
session_start();

if(empty($_SESSION["id"]))
die("You must logged in! link here...");

$id = (int)$_SESSION["id"];

$qProfile = "SELECT * FROM users WHERE id=$id ";
$rsProfile = mysql_query($qProfile);
$row = mysql_fetch_array($rsProfile);
extract($row);
?>
And these variables now available, and could print into the form:

$blogimage ,
$picture ,
$bgimg ,
$about ,
$sname ,
$name,
$live ,

Before you post the form, lets see the source code, and if its needed, use convert functions ( htmlspecialchars ) to safe the html source code (textfields really don'T like " , and html codes to visible).

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /host/z/c/o/zcollwii/tinybud/editprofile.php on line 5

Warning: extract() [function.extract.html]: First argument should be an array in /host/z/c/o/zcollwii/tinybud/editprofile.php on line 6
??
Im soo frustrated right now. Some information from the DB is not being recieved some topic titles dissapear... WHats happening?

coldwerturkey

troubleshoot. add an or die (mysql_error()) to the query to see why not working.

..with regards to the original problem, i still think it has something to do with your $id. when you printed the query was it exactly what you expected? if the query didn't die and was executing, the WHERE clause is probably wrong but wont display any errors..

djjjozsi

WHERE id=$id

change to the correct field name

And use like this:

$rsProfile = mysql_query($qProfile) or die(mysql_error());

zcollvee

everything is working fine on the settings.php page.
its only at generalsettingsupdate.php?details=general. The query is echoed perfectly and the $id is the username and is set properly.. but still it doesnt update and all the fields to be updated are blank...

coldwerturkey

afaik if the query is echo perfectly with all the posted data, and the query executes and doesn't die, there is no reason that it shouldn't be working, besides the WHERE clause.

Also note that if a user with a session id visits "generalsettingsupdate.php" the query will execute (blank data) because the where clause is set.. you may want to wrap the script in an if (isset($_POST['name'])) statement

zcollvee

coldwerturkey;10897501 wrote:
afaik if the query is echo perfectly with all the posted data, and the query executes and doesn't die, there is no reason that it shouldn't be working, besides the WHERE clause.

Also note that if a user with a session id visits "generalsettingsupdate.php" the query will execute (blank data) because the where clause is set.. you may want to wrap the script in an if (isset($_POST['name'])) statement

OMG THANKYOU!!!!! IT WORKED!!!!!
I LOVE YOU. Glad you could help me 🙂
i love this place!

djjjozsi

And another suggestion:
use primary field (id) to identify : on select and update rows, and not with the username string!

I could register a username with spaces, ' signs, its a very big mistake in the register engine.

Hello,
jjozsi.

zcollvee

yep i jus saw that and fixed it with mysql_real_escape_string()
that will do right?

coldwerturkey

yes, but you should still strip them out (see str_replace() or use something like ereg_replace("[^A-Za-z0-9]", "", $string); ), or at least build an error system to notify the user that their username isn't valid